In the modern DevSecOps landscape, teams often struggle to achieve more with fewer resources, leading to the development of counterproductive habits. These habits can significantly hinder the ability to establish effective security programs. Our presentation aims to address these challenges by identifying common anti-patterns based on our experiences and observations in the field. We will highlight the problems associated with these habitual practices and offer concrete, practical solutions.
Throughout this session, we will guide you through the most prevalent anti-patterns identified in our security efforts and observed in other teams. Additionally, we will provide alternatives to these detrimental practices, along with a compilation of free and open-source tools endorsed by the community. These resources are instrumental in reinforcing strong security practices across different organizations. Join us as we delve into a narrative of anti-patterns, best practices, and the extensive potential of automation to enhance security measures.
Interview:
What's the focus of your work these days?
I'm the founder of a company in the security automation space and its principal architect/security engineer. We create solutions that radically improve the efficiency of any security engineering team.
What's the motivation for your talk at QCon London 2024?
To provide a list of the most common counter-productive behaviors observed in several security teams out there, how to recognize early signs of them, and how they can be overcome with a mix of human intervention and automation.
How would you describe your main persona and target audience for this session?
Persona: developers or security folks
Level: medium+
Is there anything specific that you'd like people to walk away with after watching your session?
Security people are not the police, they are the team's physician.
Therefore, they are not there to add checks and balances; they're there to observe and advise on good habits that would lead to a long and healthy product life cycle. Talk to them the same as you'd talk to your physician.
Speaker

Spyros Gasteratos
Founder @smithy.security
Spyros is a seasoned security leader with nearly two decades of experience, from analyst to CISO. As the founder of Smithy.security, he develops open-core products to democratize and simplify product security for all. He maintains Smithy, a security workflow automation engine, and OpenCRE.org, the world's largest security knowledge graph. Passionate about open source, Spyros focuses on harmonizing security tools to empower teams of all sizes.